posted by martyb on Saturday April 29 2017, @01:57PM
from the CARDiac-surgery dept.

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.

If you did nothing wrong and have nothing to hide, then you have nothing to fear. In Soviet Russia.

  • (Score: 0) by Anonymous Coward on Sunday April 30 2017, @12:02PM (#501832)

    BGP is about distributing routing information between different administrative domains.
    To some extent, that means between folks you don't necessarily trust, but have to peer with to make the Internet work.
    In current routers, you can mitigate this with policies, but requiring each router to maintain policies for each destination on the Internet kind of defeats the purpose of BGP.

    It would be interesting to know how this was found.
    Seems like it would be the responsibility of the owners of the misdirected addresses to sort it out?
    If this is the case, then it was only a useful test for these specific owners.

    As for fixing it, if there were another record of the expected destination ISP, to cross check BGP changes against, then maybe a central watchdog could also raise an alarm.
    Not sure how DNS and the address registrars would fit into this?
    Is there currently a DNS record to say who, or where, the expected ISP is?

  • (Score: 2) by NotSanguine on Monday May 01 2017, @12:36AM

    It would be interesting to know how this was found.

    IIUC, the folks over at BGPMon [bgpmon.net], whose job is to monitor this stuff, identified the issue [bgpmon.net] pretty quickly.

    If this is the case, then it was only a useful test for these specific owners.

    For a variety of reasons [soylentnews.org], it's more like this was a useful test of hijacking Internet traffic for fun and profit.

    As for fixing it, if there were another record of the expected destination ISP, to cross check BGP changes against, then maybe a central watchdog could also raise an alarm.
    Not sure how DNS and the address registrars would fit into this?
    Is there currently a DNS record to say who, or where, the expected ISP is?

    There are efforts to address this issue, notably RPKI [ietf.org]. However, there are significant issues [bgpmon.net] WRT broadly implementing such functionality. A survey (somewhat dated) [ietf.org] gives a sense of the state of this effort.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
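The "central watchdog" the first commenter sketches and the RPKI effort NotSanguine points to meet in route origin validation: a Route Origin Authorization (ROA) is exactly the "other record of the expected destination" that observed BGP announcements can be checked against. The Python sketch below is added here as an illustration and is not code from the thread or from any RPKI project. It implements the covering/matching rules of RFC 6811 and then flags announcements the ROA set contradicts. The ROA set, the BGP updates, and the ASNs are all constructed for the example, using RFC 5737 documentation prefixes and RFC 5398 documentation ASNs rather than any network named in the story.

```python
"""Route origin validation (RFC 6811 semantics) over constructed sample data."""
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class Validity(Enum):
    VALID = "valid"          # some covering ROA authorises this origin and length
    INVALID = "invalid"      # covered by a ROA, but origin ASN or length is wrong
    NOT_FOUND = "not-found"  # no ROA covers the prefix; RPKI says nothing


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may originate `prefix` and any
    more-specific of it no longer than max_length bits."""
    prefix: str
    max_length: int
    origin_asn: int

    def covers(self, announced: Network) -> bool:
        """'Covered' in RFC 6811 terms: the ROA prefix contains the announced prefix."""
        roa_net = ipaddress.ip_network(self.prefix)
        # subnet_of() raises on mixed address families, so check the version first.
        return announced.version == roa_net.version and announced.subnet_of(roa_net)

    def matches(self, announced: Network, origin_asn: int) -> bool:
        """'Matched': covered, not longer than max_length, and the right origin ASN."""
        return (self.covers(announced)
                and announced.prefixlen <= self.max_length
                and origin_asn == self.origin_asn)


def validate_origin(prefix: str, origin_asn: int, roas: Iterable[ROA]) -> Validity:
    """Classify one (prefix, origin ASN) announcement against a set of ROAs."""
    announced = ipaddress.ip_network(prefix)
    covering = [r for r in roas if r.covers(announced)]
    if not covering:
        return Validity.NOT_FOUND
    if any(r.matches(announced, origin_asn) for r in covering):
        return Validity.VALID
    # Covered but nothing matches: wrong origin, or a more-specific past max_length.
    return Validity.INVALID


def find_suspect_routes(updates: Iterable[Tuple[str, int]],
                        roas: Iterable[ROA]) -> List[Tuple[str, int, Validity]]:
    """The watchdog step: return every update the ROA set contradicts.
    NOT_FOUND results are deliberately not alarms here; many prefixes still have
    no ROA at all, and alerting on them would bury the real signal."""
    roa_list = list(roas)
    suspects = []
    for prefix, asn in updates:
        verdict = validate_origin(prefix, asn, roa_list)
        if verdict is Validity.INVALID:
            suspects.append((prefix, asn, verdict))
    return suspects


# Constructed ROA set: documentation ASN 64500 is authorised for 192.0.2.0/23
# and for more-specifics down to /24, but nothing longer.
SAMPLE_ROAS = [ROA("192.0.2.0/23", 24, 64500)]

# Constructed BGP updates (prefix, origin ASN) as a route collector might see them.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", 64500),     # legitimate origin, within max_length  -> valid
    ("192.0.2.0/24", 64511),     # covered prefix, foreign origin        -> invalid
    ("192.0.2.0/25", 64500),     # right origin, but longer than /24     -> invalid
    ("198.51.100.0/24", 64501),  # no ROA covers this prefix at all      -> not-found
]


if __name__ == "__main__":
    for prefix, asn in SAMPLE_UPDATES:
        print(f"{prefix:18} AS{asn}  {validate_origin(prefix, asn, SAMPLE_ROAS).value}")
    print("suspect routes:", find_suspect_routes(SAMPLE_UPDATES, SAMPLE_ROAS))
```

The third sample update is the edge case worth noticing: the origin is the legitimate one, yet the announcement is still INVALID because it is more specific than the ROA's maxLength allows. That is the rule which makes a more-specific announcement of a covered prefix detectable regardless of who originates it. The fourth shows why a watchdog built only on ROAs is limited in the way NotSanguine's links describe: a prefix with no ROA yields NOT_FOUND, and nothing in RPKI says whether that announcement is legitimate.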